Week 35 – Remote code execution vulnerability in Citrix NetScaler products

25 – 31 Aug 2025
This week’s CVE of the Week is about a remote code execution vulnerability in Citrix NetScaler products.
NetScaler is a line of networking products owned by Cloud Software Group. NetScaler ADC is an enterprise-grade application delivery controller that delivers applications quickly, reliably, and securely.
On August 26th, Citrix published a security advisory for vulnerabilities, including CVE-2025-7775, a zero-day vulnerability which has been exploited in the wild.
In the advisory, Cloud Software Group thanks Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partner, and François Hämmerli for working with them to protect Citrix customers.
This issue is categorized as Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119); the CVSSv4 score is 9.2 (Critical).
Multiple versions of the products are impacted:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48, and 13.1 BEFORE 13.1-59.22.
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP
- Versions 12.1 and 13.0 (non-FIPS/NDcPP) are also vulnerable, but they have reached End of Life status and do not receive a fix.
Additionally, other services that rely on NetScaler instances can also be affected, for example Secure Private Access on-prem or Secure Private Access Hybrid deployments.
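Because the fixed build number differs per branch and per variant (the 13.1 FIPS/NDcPP line is numbered differently from the standard 13.1 line), comparing a build string against the advisory by eye is error-prone. The following is an added example, not Citrix's code: it parses NetScaler build strings in the form `<major>.<minor>-<build>.<rev>[-FIPS]` (an assumption about the format; the advisory prints FIPS builds as "13.1-37.241-FIPS and NDcPP"), compares them against the fixed builds listed above, and flags the End of Life branches. The host inventory at the bottom is constructed sample data.

```python
"""Triage NetScaler ADC / Gateway builds against the fixed builds from the
CTX694938 advisory for CVE-2025-7775.

Added example, not Citrix's code. The fixed-build table comes from the
advisory text; the build-string format is an assumption; the inventory is
constructed sample data.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# (branch, variant) -> first fixed build, per the advisory.
FIXED_BUILDS: Dict[Tuple[str, str], str] = {
    ("14.1", "standard"): "14.1-47.48",
    ("13.1", "standard"): "13.1-59.22",
    ("13.1", "fips"): "13.1-37.241-FIPS",
    ("12.1", "fips"): "12.1-55.330-FIPS",
}

# Branches the advisory names as vulnerable but End of Life (no fix shipped).
EOL_BRANCHES = {("12.1", "standard"), ("13.0", "standard")}

# Assumed build-string shape: "14.1-47.48", "13.1-37.241-FIPS", "12.1-55.330-NDcPP".
_BUILD_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)-(?P<build>\d+)\.(?P<rev>\d+)"
    r"(?P<suffix>(?:-(?:FIPS|NDcPP))*)$"
)


class Build(NamedTuple):
    branch: str            # e.g. "14.1"
    variant: str           # "standard" or "fips" (FIPS and NDcPP share a line)
    number: Tuple[int, int]  # (build, rev), compared numerically, not as text


def parse_build(text: str) -> Build:
    """Parse a NetScaler build string; raise ValueError on anything else."""
    m = _BUILD_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {text!r}")
    branch = f"{m['major']}.{m['minor']}"
    variant = "fips" if m["suffix"] else "standard"
    return Build(branch, variant, (int(m["build"]), int(m["rev"])))


def assess(text: str) -> str:
    """Return 'patched', 'vulnerable', 'end-of-life' or 'unknown-branch'."""
    b = parse_build(text)
    key = (b.branch, b.variant)
    if key in EOL_BRANCHES:
        return "end-of-life"
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        return "unknown-branch"
    # Numeric tuple comparison: (47, 48) < (100, 1), unlike string comparison.
    return "vulnerable" if b.number < parse_build(fixed).number else "patched"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hostnames by assessment so the 'vulnerable' list can be acted on first."""
    groups: Dict[str, List[str]] = {}
    for host, build in inventory.items():
        groups.setdefault(assess(build), []).append(host)
    return groups


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = {
    "gw-01.example.test": "14.1-43.50",        # below 14.1-47.48 -> vulnerable
    "gw-02.example.test": "14.1-47.48",        # exactly the fixed build
    "adc-fips.example.test": "13.1-37.240-FIPS",  # below 13.1-37.241-FIPS
    "adc-legacy.example.test": "13.0-92.21",   # EOL branch, no fix available
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:13s} {', '.join(hosts)}")
```

Note that the variant is taken from the suffix: a 13.1 FIPS build recorded without its `-FIPS` suffix would be compared against the standard 13.1 fixed build (59.22) and misreported, so keep the suffix when exporting builds from an inventory system.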
An unauthenticated attacker could exploit this vulnerability to execute arbitrary code or cause a DoS condition on an affected device.
According to the security advisory from Citrix, exploitation has been observed prior to the advisory and patches being made public.
Because the flaw was already being exploited before patches were available, security researchers urge customers running vulnerable versions to upgrade as soon as possible. Citrix does not provide any mitigations or workarounds for the vulnerable versions other than upgrading.
CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Details about the issue, the list of affected versions and additional information are available in Citrix’s security bulletin:
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
For more information about the vulnerability, please visit NVD’s site:
https://nvd.nist.gov/vuln/detail/CVE-2025-7775
https://www.tenable.com/cve/CVE-2025-7775

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.